How customers were fooled by fake dispensers

Charles Arthur studies some of the methods criminals use to commit fraud
Click to follow
The Independent Online
There is no particular magic about faking a credit or cash dispenser card. A few hundred pounds, in the right hands, will provide you with a couple of hundred blank credit-sized plastic cards and a machine which can read and write digits on to the cards' magnetic strip. All you need then are the customers' bank account numbers and their Personal Identification Numbers (PINs), and you can commit fraud on a grand scale.

The card's magnetic strip stores the holder's bank account number and some other details, just as a cassette tape stores music.

When a magnetic strip is "swiped" past a card reader's built-in tape head, the strip's fluctuating magnetic field is translated back into numbers. The card readers used in shops transmit that to the owner's bank to confirm transactions.

But the machines used by criminals can both capture those numbers and write them on to the strips on blank cards, just like a tape recorder with a blank cassette. Multiple copies of the same card can be made in a few minutes.

Though the sale and supply of such machines is meant to be strictly controlled, they can be imported from the United States or Europe quite easily, and with a little technical knowledge altered to input any data required.

The biggest problem for the criminals is getting the raw data. Cash dispenser cards do not contain their PIN, while credit cards have added features such as holograms and signatures.

Some ingenious techniques have been used to defeat this. A common technique is pub sales of cheap computer or sports equipment at which customers are encouraged to pay by card, and asked to input their PIN "for confirmation".

One gang set up a fake cash dispenser in a shopping mall: would-be customers inserted their cards and typed in their PINs, which were stored by a computer behind the facade. Its screen then said there was no cash available.

Another fraud connected a swipe card reader to the door of a bank, and asked customers to input their PIN. By the end of the weekend the reader held hundreds of card numbers - and, crucially, their accompanying PINs.